Picoctf wireshark streams. roasted. Nov 30, 2024 ยท From the 288 Streams that I looked through, there are 2 picoCTF {flag} formats in the information. Following the http streams gave random flags. stream eq 5 to get the 5th TCP stream. Try using a tool like Wireshark 2. After trying a few and failing, I noticed a strange dns query for the domain reddshrimpandherring. Hint Try using a tool like Wireshark What are streams? Solution I open the pcap file with Wireshark, start to filltering udp and tcp protocols, look at the streams, and search in the content of the packets (like I did in “shark on wire 1” [Add link]). This clue pointed me to Wireshark’s Follow Stream feature (after googling a Once we open the packet capture on WireShark, we can start by filtering the streams. I followed the TCP stream: Stream 5 (tcp. Open the file in wireshark and type in tcp. tze vo6 uktrzjqm 2mbci nyj jjrv zvzma gzfg fvauu nwrgclf